aces
CORS white list for Javascript API client
could we add a white list of domain(s) where a Javascript client for the REST API could be served and send HTTP request from?
The missing response header is Access-Control-Allow-Origin
I'm not sure what to do. What would be the values for the CORS domains? How can CBRAIN as a service know which other domains can fetch data from it and which cannot?
What is this blocking right now?
I suspect it's because we want some LORIS servers to query CBRAIN ? So am I right in thinking that the CBRAIN admins could have a text box somewhere where he/she can enter some domain names, and from then on CBRAIN would add these domains to the CORS response header?